Introduction
Remote attackers can manipulate airport weather data, trigger false alerts, and potentially disrupt flight operations by exploiting a critical flaw in Radiometrics VizAir. The vulnerability, tracked as CVE-2025-54863, exposes the REST API key through a configuration file that the system serves without authentication, so anyone who can reach the host over the network can act as an authenticated API client and alter the meteorological data and settings the system provides.
About Radiometrics and VizAir: Radiometrics Corporation is a specialized provider of weather decision support systems for aviation, spaceports, and emergency management. Its VizAir product is deployed at airports worldwide, offering real-time wind shear detection, fog and icing alerts, and thunderstorm warnings. The system is integral to flight safety and operational continuity in aviation.
Technical Information
CVE-2025-54863 is rooted in the exposure of the REST API authentication key within Radiometrics VizAir systems. The key is stored in a configuration file that is accessible over the network without authentication. This file is not protected by proper access controls or encryption, violating basic credential management principles (CWE-522: Insufficiently Protected Credentials).
Attackers can locate and retrieve this configuration file using standard HTTP requests or automated directory enumeration. Once the API key is obtained, it can be used to make authenticated REST API calls, enabling:
- Remote alteration of weather data and system configurations
- Extraction of sensitive meteorological data
- Scripted repetition of the same retrieval and API calls against every reachable VizAir instance
- Flooding the system with false alerts, leading to denial of service
The root cause is the insecure storage of API credentials in plaintext within a file that is accessible to unauthenticated users. No public code snippets, patch details, or detection methods are available at this time.
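The following Python check is added here as an illustration; it is not code from Radiometrics or from any published advisory, and it is not a disclosed detection method for this CVE. It shows how an operator can verify whether their own deployment serves a credential-bearing configuration file to unauthenticated clients: each candidate path is fetched with no cookies or Authorization header, and a 200 response is searched for key-like fields whose values have the high character entropy of a generated API key. The candidate paths, field-name patterns, entropy threshold and the sample responses are constructed assumptions; the real VizAir file location has not been disclosed.

```python
"""Check whether a web-exposed configuration file leaks an API key.

Added example, not Radiometrics code. Paths, field names and the sample
responses below are constructed assumptions; the real VizAir file
location is not public.
"""
from __future__ import annotations

import json
import math
import re
import urllib.request
from urllib.error import HTTPError, URLError

# Hypothetical candidate locations to probe on your own host (assumption).
CANDIDATE_PATHS = ["/config.json", "/api/config", "/settings.ini"]

# Field names that commonly carry REST API credentials (assumption).
SECRET_KEYS = re.compile(r"(api[_-]?key|auth[_-]?key|token|secret|password)", re.I)

# Matches INI "key = value", YAML "key: value" and JSON "key": "value" forms;
# the value must be at least 12 token-like characters.
ASSIGNMENT = re.compile(
    r"(?P<name>[A-Za-z_][\w.-]*)[\"']?\s*[:=]\s*[\"']?"
    r"(?P<value>[A-Za-z0-9+/=_\-]{12,})"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; randomly generated API keys sit well above 3.5."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_credentials(body: str, min_entropy: float = 3.5) -> list[tuple[str, str]]:
    """Return (field, value) pairs in a config body that look like secrets."""
    hits = []
    for m in ASSIGNMENT.finditer(body):
        name, value = m.group("name"), m.group("value")
        if SECRET_KEYS.search(name) and shannon_entropy(value) >= min_entropy:
            hits.append((name, value))
    return hits


def assess_response(status: int, body: str) -> dict:
    """Classify one unauthenticated GET: credential exposed, readable, or protected."""
    if status in (401, 403):
        return {"exposed": False, "reason": "auth required", "credentials": []}
    if status != 200:
        return {"exposed": False, "reason": f"HTTP {status}", "credentials": []}
    creds = find_credentials(body)
    if creds:
        return {"exposed": True, "reason": "credential in unauthenticated response",
                "credentials": creds}
    return {"exposed": False, "reason": "readable but no credential pattern",
            "credentials": []}


def fetch_unauthenticated(url: str, timeout: float = 5.0) -> tuple[int, str]:
    """GET url with no cookies or Authorization header; return (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "config-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except HTTPError as e:
        return e.code, ""
    except URLError:
        return 0, ""


def scan(base_url: str) -> list[dict]:
    """Probe every candidate path on base_url and classify each response."""
    findings = []
    for path in CANDIDATE_PATHS:
        url = base_url.rstrip("/") + path
        result = assess_response(*fetch_unauthenticated(url))
        result["url"] = url
        findings.append(result)
    return findings


# Constructed sample responses so the classifier can be exercised offline.
SAMPLE_JSON_LEAK = json.dumps({"station": "KXYZ",
                               "rest_api_key": "qZ8vP2nL7xW4rT9sK1mB6yH3"})
SAMPLE_INI_LEAK = "[rest]\napi_key = 7Hk2Pq9LmX4vR8tZ1nW3bY6c\n"
SAMPLE_CLEAN = "station = KXYZ\nrefresh_seconds = 30\n"

if __name__ == "__main__":
    print(assess_response(200, SAMPLE_JSON_LEAK))
    print(assess_response(200, SAMPLE_INI_LEAK))
    print(assess_response(200, SAMPLE_CLEAN))
    print(assess_response(403, ""))
```

Run `scan()` only against hosts you own or are authorized to test. The offline samples show the three outcomes the check distinguishes: a credential in an unauthenticated response, a file readable without any credential pattern, and a path that requires authentication. A 401 or 403 on the configuration path is the expected result after remediation; serving the file only to authenticated clients, or keeping it outside the web root altogether, removes the CWE-522 condition described above.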
Affected Systems and Versions
- Product: Radiometrics VizAir
- Specific affected versions: Not disclosed in public sources
- Vulnerable configuration: REST API key stored in a publicly accessible configuration file
Vendor Security History
- No public record of prior similar vulnerabilities in Radiometrics VizAir
- No information on vendor patch response time or security maturity
- Vendor has engaged with CISA for advisory publication